CloudFormation does not receive the signal from cfn-signal in a non-default VPC

Content sourced from Stack Overflow, translated and used under the CC BY-SA 3.0 license


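I have a CloudFormation template with a LaunchTemplate and an ASG.

When cfn-init finishes the deployment, cfn-signal should send a signal with the result to CloudFormation.

In /var/log/cfn-init.log I see that the signal was sent:

...and from /var/log/cfn-wire.log I see that it was received successfully:

...but CloudFormation does not receive it, and the stack fails on timeout:

Relevant CloudFormation code: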

AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
    Default: "vpc-f98e0683"
  Subnet1:
    Type: String
    Default: "subnet-da88f186"
  KeyName:
    Type: String
    Default: "test-aws6-virginia"
  AMI:
    Type: AWS::EC2::Image::Id
    Default: "ami-07b4156579ea1d7ba" #Ubuntu 16.04
  InstanceType:
    Type: String
    Default: "t2.micro"
  Az1:
    Type: AWS::EC2::AvailabilityZone::Name
    Default: "us-east-1a"

Resources:
  SecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "SecurityGroup"
      GroupDescription: "Security Group"
      VpcId: !Ref VPC
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"

  InstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "InstanceRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Principal:
            Service:
            - "ec2.amazonaws.com"
          Action:
          - "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AdministratorAccess"

  InstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
      - !Ref InstanceRole

  NetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties:
      GroupSet:
        - !Ref SecurityGroup
      SubnetId: !Ref Subnet1
      Tags:
        - Key: Name
          Value: "NetworkInterface"

  ZabbixLaunchTemplate:
    Type: "AWS::EC2::LaunchTemplate"
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          Zabbix:
          - 00-ZabbixInstall
        00-ZabbixInstall:
          commands:
            download:
              command: "wget https://repo.zabbix.com/zabbix/4.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.0-2+xenial_all.deb && dpkg -i zabbix-release_4.0-2+xenial_all.deb"
            update:
              command: "apt update"
            install:
              command: "apt -y install zabbix-server-pgsql zabbix-frontend-php php-pgsql zabbix-agent"
          services:
            sysvinit:
              zabbix-server:
                enabled: "true"
                ensureRunning: "true"
              zabbix-agent:
                enabled: "true"
                ensureRunning: "true"
              apache2:
                enabled: "true"
                ensureRunning: "true"
    Properties:
      LaunchTemplateName: "ZabbixLaunchTemplate"
      LaunchTemplateData:
        TagSpecifications:
          - ResourceType: "instance"
            Tags:
              - Key: Name
                Value: "Instance"
          - ResourceType: volume
            Tags:
              - Key: Name
                Value: "Instance"
        DisableApiTermination: false
        KeyName: !Ref KeyName
        ImageId: !Ref AMI
        InstanceType: !Ref InstanceType
        IamInstanceProfile:
          Name: !Ref InstanceProfile
        NetworkInterfaces:
        - NetworkInterfaceId: !Ref NetworkInterface
          DeviceIndex: 0
        UserData:
          Fn::Base64:
            !Join
              - ''
              - - |
                  #!/bin/bash
                - |
                - apt-get update -y && apt-get install python-pip -y && pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
                - |+

                - |
                - "cfn-init --verbose"
                - " --stack "
                - !Ref "AWS::StackName"
                - " --resource ZabbixLaunchTemplate"
                - " --configsets Zabbix"
                - " --region "
                - !Ref "AWS::Region"
                - |+

                - |
                - "cfn-signal --exit-code $?"
                - " --stack "
                - !Ref "AWS::StackName"
                - " --resource ZabbixASG"
                - " --region "
                - !Ref "AWS::Region"
                - |+

  ZabbixASG:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Properties:
      AutoScalingGroupName: "ZabbixASG"
      DesiredCapacity: "1"
      MaxSize: "1"
      MinSize: "1"
      HealthCheckType: "EC2"
      LaunchTemplate:
        LaunchTemplateId: !Ref ZabbixLaunchTemplate
        Version: !GetAtt ZabbixLaunchTemplate.LatestVersionNumber
      AvailabilityZones:
        - !Ref Az1
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M

This only occurs when deploying into a non-default VPC; for example, it does not work if the VPC is created from this template:

AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  VpcCIDR:
    Type: String
    Default: "172.29.0.0/16"
  Subnet1CIDR:
    Type: String
    Default: "172.29.1.0/24"
  Subnet2CIDR:
    Type: String
    Default: "172.29.2.0/24"
  Az1:
    Type: String
    Default: "us-west-2a"
  Az2:
    Type: String
    Default: "us-west-2c"

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref Subnet1CIDR
      AvailabilityZone: !Ref Az1
      MapPublicIpOnLaunch: true

  Subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref Subnet2CIDR
      AvailabilityZone: !Ref Az2
      MapPublicIpOnLaunch: true

  Subnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet1

  Subnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet2

  Route:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref RouteTable

Outputs:
  VpcId:
    Value:
      !Ref VPC
  Subnet1Id:
    Value:
      !Ref Subnet1
  Subnet2Id:
    Value:
      !Ref Subnet2

It is the same on both Ubuntu 16.04 and AWS Linux 2.

Any ideas why, and how to fix it?

User answer:

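I have managed to reproduce your results, both in a VPC created with the template you provided and in a VPC created by the VPC wizard.

In this case, CloudFormation does not recognize the completion of the ASG. When I tried sending cfn-signal manually, it responded: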

$ cfn-signal --exit-code 0 --stack s7 --resource ZabbixASG --region us-west-2

2019-06-20 23:13:24,571 [DEBUG] CloudFormation client initialized with endpoint https://cloudformation.us-west-2.amazonaws.com
2019-06-20 23:13:24,571 [DEBUG] Signaling resource ZabbixASG in stack s7 with unique ID i-07d2be90dc51c509a and status SUCCESS
ValidationError: Signal with ID i-07d2be90dc51c509a for resource ZabbixASG already exists.  Signals may only be updated with a FAILURE status.

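This indicates that the service has received the signal, so it was sent correctly. However, the ASG's status remains at Resource creation Initiated.

Why the result is different when using the default VPC, I don't know! There is no communication difference that would affect this kind of signal.

The only thing I can suggest is to contact AWS Support and ask them to help debug.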
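The reading of the cfn-signal debug output described in the answer above, as an added example that is not part of the original question or answer: it parses the three quoted lines and reports whether the signal reached the expected regional endpoint and resource, and whether the service had already recorded it. The helper name `diagnose`, the finding codes and the two expected-value parameters are assumptions made for this illustration.

```python
import re

# Debug output quoted in the answer above, embedded so the example runs offline.
SAMPLE = (
    "2019-06-20 23:13:24,571 [DEBUG] CloudFormation client initialized with endpoint "
    "https://cloudformation.us-west-2.amazonaws.com\n"
    "2019-06-20 23:13:24,571 [DEBUG] Signaling resource ZabbixASG in stack s7 "
    "with unique ID i-07d2be90dc51c509a and status SUCCESS\n"
    "ValidationError: Signal with ID i-07d2be90dc51c509a for resource ZabbixASG "
    "already exists.  Signals may only be updated with a FAILURE status.\n"
)

ENDPOINT = re.compile(r"endpoint https://cloudformation\.([a-z0-9-]+)\.amazonaws\.com")
SIGNAL = re.compile(
    r"Signaling resource (\S+) in stack (\S+) with unique ID (\S+) and status (\S+)")
DUPLICATE = re.compile(r"Signal with ID (\S+) for resource (\S+) already exists")


def diagnose(output, stack_region, signalled_resource):
    """Hypothetical helper: return (facts, findings) for one cfn-signal run.

    stack_region and signalled_resource are what the operator expects; both
    are assumptions supplied by the caller, not values read from AWS.
    """
    facts, findings = {}, []
    for line in output.splitlines():
        if m := ENDPOINT.search(line):
            facts["region"] = m.group(1)
        elif m := SIGNAL.search(line):
            facts.update(zip(("resource", "stack", "unique_id", "status"), m.groups()))
        elif m := DUPLICATE.search(line):
            facts["duplicate_id"] = m.group(1)
    if facts.get("region") != stack_region:
        findings.append("REGION_MISMATCH")      # signal went to another region's API
    if facts.get("resource") != signalled_resource:
        findings.append("RESOURCE_MISMATCH")    # --resource is not the waiting resource
    if "duplicate_id" in facts:
        # The service already holds a signal for this unique ID, so delivery
        # from the instance is not the failure point.
        findings.append("SIGNAL_ALREADY_RECORDED")
    return facts, findings


if __name__ == "__main__":
    print(diagnose(SAMPLE, "us-west-2", "ZabbixASG"))
```
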
